Packages changed:
  cryptsetup (2.3.3 -> 2.3.4)
  dracut
  filesystem
  fwupd
  gzip
  libcap (2.42 -> 2.43)
  libgpg-error (1.38 -> 1.39)
  libxcrypt (4.4.15 -> 4.4.17)
  lvm2
  lvm2-device-mapper
  npth
  permissions (1550_20200826 -> 1550_20200904)
  python38
  python38-core
  rsync
  utempter

=== Details ===

==== cryptsetup ====
Version update (2.3.3 -> 2.3.4)
Subpackages: libcryptsetup12

- Update to 2.3.4:
  * Fix a possible out-of-bounds memory write while validating LUKS2 data
    segments metadata (CVE-2020-14382, boo#1176128).
  * Ignore reported optimal IO size if not aligned to minimal page size.
  * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  * Support --master-key-file option for online LUKS2 reencryption
  * Always return EEXIST error code if a device already exists.
  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  * Fix crypto backend to properly handle ECB mode.
  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
    with a larger sector.
  * LUKS2: Do not create excessively large headers.
  * Fix unspecified sector size for BitLocker compatible mode.
  * Fix reading key data size in metadata for BitLocker compatible mode.

==== dracut ====
Subpackages: dracut-ima

- Generate the tarball during buildtime. Tracking both the tarball
  and the .obscpio combines the worst of both.

==== filesystem ====

- Split /var/tmp out of fs-var.conf, new file is fs-var-tmp.conf.
  Allows to override config to add cleanup options of /var/tmp
  [bsc#1078466]
- Create fs-tmp.conf to cleanup /tmp regular (required with tmpfs)
  [bsc#1175519]
- Fix bug about missing group in tmpfiles.d files
- Generic cleanup:
  - Remove /usr/local/games
  - /etc/java was moved to javapackages-filesystem long ago
  - Remove unused languages: en@IPA, it_CH, ja_JP.EUC, ja_JP.SJIS,
    ja_JP.eucJP, nds_DE
  - Remove %ghost entries for /tmp, /tmp is now tmpfs and the files
    are handled by systemd since a long time
- Add /usr/etc/default.

==== fwupd ====
Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0

- Add fwupd-jscSLE-11766-close-efidir-leap-gap.patch: Set SLE and
  openSUSE esp os dir at runtime (jsc#SLE-11766)
- Drop _multibuild and build option -Defi_os_dir="%{efidir}": with
  the above patch fwupd can detect esp os dir dynamically
- Update the efidir related %post and %postun scripts in spec file

==== gzip ====

- Enable DFLTCC compression for s390x for levels 1-6 (i. e. to make
  it used by default) by adding -DDFLTCC_LEVEL_MASK=0x7e to CLFAGS.
  [jsc#SLE-13775]

==== libcap ====
Version update (2.42 -> 2.43)

- update to 2.43
  * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
  * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
  * Clean up a binary from the distribution
  * Added some more release time checks for non-git tracked files.
  * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.

==== libgpg-error ====
Version update (1.38 -> 1.39)

- Update to 1.39:
  * "gpg-error --lib-version" works again.
  * New function gpgrt_fcancel as alternative to gpgrt_close. This
    function avoid flushing out buffered data and also tries to delete
    a newly created file.
  * Update the gnupg project keyring
  * Interface changes relative to the 1.38 release:
  - gpgrt_fcancel: NEW.

==== libxcrypt ====
Version update (4.4.15 -> 4.4.17)

- Add compatibility provides for SLE15
- Update to version 4.4.17
  * Salt string compatibility with generic implementations

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- lvm can't pass build with gcc option Wstringop-overflow (bsc#1175565)
  - remove suse speical patch
  - bug-1175565_lvm-cant-pass-build-with-gcc-option-Wstringop-overflow.patch
  - add upstream patch
    + bug-1175565_01-tools-move-struct-element-before-variable-lenght-lis.patch
    + bug-1175565_02-gcc-change-zero-sized-array-to-fexlible-array.patch
    + bug-1175565_03-gcc-zero-sized-array-to-fexlible-array-C99.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- lvm can't pass build with gcc option Wstringop-overflow (bsc#1175565)
  - remove suse speical patch
  - bug-1175565_lvm-cant-pass-build-with-gcc-option-Wstringop-overflow.patch
  - add upstream patch
    + bug-1175565_01-tools-move-struct-element-before-variable-lenght-lis.patch
    + bug-1175565_02-gcc-change-zero-sized-array-to-fexlible-array.patch
    + bug-1175565_03-gcc-zero-sized-array-to-fexlible-array-C99.patch

==== npth ====

- Remove old specfile constructs and doubleshipping of docs.

==== permissions ====
Version update (1550_20200826 -> 1550_20200904)
Subpackages: chkstat permissions-config

- Update to version 20200904:
  * Add /usr/libexec for cockpit-session as new path
  * physlock: whitelist with tight restrictions (bsc#1175720)

==== python38 ====

- Just cleanup and reordering items to synchronize with python39

==== python38-core ====
Subpackages: libpython3_8-1_0 python38-base

- Just cleanup and reordering items to synchronize with python39

==== rsync ====

- Security fix: [bsc#1176160, CVE-2020-14387]
  * rsync-ssl: Verify the hostname in the certificate when using openssl.
- Add rsync-CVE-2020-14387.patch

==== utempter ====

- fixed utempter location after libexecdir change (bsc#1175925)